Author: joeyh
Date: 2013-01-29 09:14:41 +0000 (Tue, 29 Jan 2013)
New Revision: 21063

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2013-01-29 07:02:24 UTC (rev 21062)
+++ data/CVE/list       2013-01-29 09:14:41 UTC (rev 21063)
@@ -1,3 +1,63 @@
+CVE-2013-1449
+       RESERVED
+CVE-2013-1448
+       RESERVED
+CVE-2013-1447
+       RESERVED
+CVE-2013-1446
+       RESERVED
+CVE-2013-1445
+       RESERVED
+CVE-2013-1444
+       RESERVED
+CVE-2013-1443
+       RESERVED
+CVE-2013-1442
+       RESERVED
+CVE-2013-1441
+       RESERVED
+CVE-2013-1440
+       RESERVED
+CVE-2013-1439
+       RESERVED
+CVE-2013-1438
+       RESERVED
+CVE-2013-1437
+       RESERVED
+CVE-2013-1436
+       RESERVED
+CVE-2013-1435
+       RESERVED
+CVE-2013-1434
+       RESERVED
+CVE-2013-1433
+       RESERVED
+CVE-2013-1432
+       RESERVED
+CVE-2013-1431
+       RESERVED
+CVE-2013-1430
+       RESERVED
+CVE-2013-1429
+       RESERVED
+CVE-2013-1428
+       RESERVED
+CVE-2013-1427
+       RESERVED
+CVE-2013-1426
+       RESERVED
+CVE-2013-1425
+       RESERVED
+CVE-2013-1424
+       RESERVED
+CVE-2013-1423
+       RESERVED
+CVE-2013-1422
+       RESERVED
+CVE-2013-1421
+       RESERVED
+CVE-2013-1420
+       RESERVED
 CVE-2013-1419
        RESERVED
 CVE-2013-1418
@@ -1503,7 +1563,7 @@
        - icedove 10.0.12-1
        - iceape 2.7.12-1
 CVE-2013-0743 [nss: Dis-trust TURKTRUST mis-issued *.google.com certificate]
-       RESERVED
+       REJECTED
        {DSA-2599-1}
        - nss 2:3.14.1.with.ckbi.1.93-1
        [wheezy] - nss 2:3.13.6-2
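
Review bot: CVE-2013-0743 is switched from RESERVED to REJECTED, but the entry still carries the {DSA-2599-1} cross-reference and both nss fixed-version lines, so a published advisory now hangs off a rejected id. Because this came in through the automatic update, it needs a manual follow-up: either move the DSA reference and the nss lines to the id that supersedes this one, or add a NOTE line saying why they stay here.
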
@@ -1820,14 +1880,14 @@
        NOT-FOR-US: Siemens SIMATIC
 CVE-2013-0655 (The client in Schneider Electric Software Update (SESU) Utility 
1.0.x ...)
        NOT-FOR-US: Schneider Electric SESU
-CVE-2013-0654
-       RESERVED
-CVE-2013-0653
-       RESERVED
-CVE-2013-0652
-       RESERVED
-CVE-2013-0651
-       RESERVED
+CVE-2013-0654 (CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - 
...)
+       TODO: check
+CVE-2013-0653 (Directory traversal vulnerability in substitute.bcl in the 
WebView ...)
+       TODO: check
+CVE-2013-0652 (GE Intelligent Platforms Proficy Real-Time Information Portal 
does not ...)
+       TODO: check
+CVE-2013-0651 (The Portal installation process in GE Intelligent Platforms 
Proficy ...)
+       TODO: check
 CVE-2012-6432 (Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, 
when the ...)
        NOT-FOR-US: Symfony
 CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data 
...)
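
Review bot: the four GE Intelligent Platforms Proficy entries (CVE-2013-0651 through CVE-2013-0654) land as "TODO: check" with no package line. The two context entries directly above them, Siemens SIMATIC and Schneider Electric SESU, are tagged NOT-FOR-US; if Proficy is likewise not packaged, a follow-up commit should mark these NOT-FOR-US as well so they do not sit in the TODO queue.
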
@@ -2220,16 +2280,16 @@
        RESERVED
 CVE-2013-0463
        RESERVED
-CVE-2013-0462
-       RESERVED
-CVE-2013-0461
-       RESERVED
-CVE-2013-0460
-       RESERVED
-CVE-2013-0459
-       RESERVED
-CVE-2013-0458
-       RESERVED
+CVE-2013-0462 (Unspecified vulnerability in IBM WebSphere Application Server 
(WAS) ...)
+       TODO: check
+CVE-2013-0461 (Cross-site scripting (XSS) vulnerability in the virtual member 
manager ...)
+       TODO: check
+CVE-2013-0460 (Cross-site request forgery (CSRF) vulnerability in the portlet 
...)
+       TODO: check
+CVE-2013-0459 (Cross-site scripting (XSS) vulnerability in the Administrative 
console ...)
+       TODO: check
+CVE-2013-0458 (Cross-site scripting (XSS) vulnerability in the Administrative 
console ...)
+       TODO: check
 CVE-2013-0457
        RESERVED
 CVE-2013-0456
@@ -3250,8 +3310,8 @@
        RESERVED
 CVE-2013-0108
        RESERVED
-CVE-2013-0107
-       RESERVED
+CVE-2013-0107 (Stack-based buffer overflow in Foxit Advanced PDF Editor 3 
before 3.04 ...)
+       TODO: check
 CVE-2013-0106
        RESERVED
 CVE-2013-0105
@@ -3363,8 +3423,8 @@
        RESERVED
 CVE-2012-6277
        RESERVED
-CVE-2012-6276
-       RESERVED
+CVE-2012-6276 (Directory traversal vulnerability in the web-based management 
...)
+       TODO: check
 CVE-2012-6275
        RESERVED
 CVE-2012-6274
@@ -3697,8 +3757,7 @@
        NOTE: Fixed in 5.3.14 
http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
        NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793
        NOTE: https://bugs.php.net/bug.php?id=61413
-CVE-2012-6112
-       RESERVED
+CVE-2012-6112 (classes/GoogleSpell.php in the PHP Spellchecker (aka Google ...)
        - tinymce <not-affected> (TinyMCE Google spellchecker plugin)
        - wordpress <unfixed>
        - moodle <unfixed>
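
Review bot: CVE-2012-6112 now has a public description, yet the wordpress and moodle lines remain <unfixed> with no bug number and no NOTE pointing at an upstream fix. Add the bug references in the same form the axis2c entry uses ("bug #697974") so the open status of both packages can be tracked.
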
@@ -3724,45 +3783,36 @@
        RESERVED
        - axis2c <unfixed> (bug #697974)
        NOTE: https://issues.apache.org/jira/browse/AXIS2C-1619
-CVE-2012-6106
-       RESERVED
+CVE-2012-6106 (calendar/managesubscriptions.php in the Manage Subscriptions 
...)
        - moodle <not-affected> (Only affects 2.4)
-CVE-2012-6105
-       RESERVED
+CVE-2012-6105 (blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 
2.2.7, ...)
        - moodle <unfixed> (low)
        [squeeze] - moodle <not-affected> (Only affects 2.1 and above)
        [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
-CVE-2012-6104
-       RESERVED
+CVE-2012-6104 (blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 
2.3.4, and ...)
        - moodle <unfixed> (low)
        [squeeze] - moodle <not-affected> (Only affects 2.2 and above)
        [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
-CVE-2012-6103
-       RESERVED
+CVE-2012-6103 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
...)
        - moodle <unfixed> (low)
        [squeeze] - moodle <not-affected> (Only affects 2.2 and above)
        [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
-CVE-2012-6102
-       RESERVED
+CVE-2012-6102 (lib.php in the Submission comments plugin in the Assignment 
module in ...)
        - moodle <unfixed>
        [squeeze] - moodle <not-affected> (Only affects 2.3 and above)
-CVE-2012-6101
-       RESERVED
+CVE-2012-6101 (Multiple open redirect vulnerabilities in Moodle 2.2.x before 
2.2.7, ...)
        - moodle <unfixed> (low)
        [squeeze] - moodle <not-affected> (Only affects 2.2 and above)
        [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
-CVE-2012-6100
-       RESERVED
+CVE-2012-6100 (report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x 
before ...)
        - moodle <unfixed> (low)
        [squeeze] - moodle <not-affected> (Only affects 2.2 and above)
        [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
-CVE-2012-6099
-       RESERVED
+CVE-2012-6099 (The moodle1 backup converter in 
backup/converter/moodle1/lib.php in ...)
        - moodle <unfixed>
        [squeeze] - moodle <not-affected> (Only affects 2.1 and above)
        [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
-CVE-2012-6098
-       RESERVED
+CVE-2012-6098 (grade/edit/outcome/edit_form.php in Moodle 1.9.x through 
1.9.19, 2.1.x ...)
        - moodle <unfixed> (low)
        [squeeze] - moodle <no-dsa> (Minor issue)
        [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
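
Review bot: CVE-2012-6102 is annotated "Only affects 2.3 and above" for squeeze but has no [wheezy] line, while the neighbouring Moodle entries list wheezy at 2.2.3.dfsg-2.6~wheezy2. If wheezy ships a 2.2.x moodle, add "[wheezy] - moodle <not-affected> (Only affects 2.3 and above)" so the issue is not reported as open for that release. The same check applies to CVE-2012-6106, which is tagged "Only affects 2.4" without any per-release lines.
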
@@ -5654,8 +5704,7 @@
        RESERVED
        NOT-FOR-US: Plone not packaged in Debian, see bug #692899
        NOTE: https://plone.org/products/plone/security/advisories/20121106/01
-CVE-2012-5484
-       RESERVED
+CVE-2012-5484 (The client in FreeIPA 2.x and 3.x before 3.1.2 does not 
properly ...)
        NOT-FOR-US: FreeIPA
 CVE-2012-5483 (tools/sample_data.sh in OpenStack Keystone 2012.1.3, when 
access to ...)
        - keystone <not-affected> (Debian packaging enforces correct 
permissions)
@@ -6973,14 +7022,14 @@
        RESERVED
 CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the 
server ...)
        NOT-FOR-US: Call of Duty Elite for iOS
-CVE-2012-4917
-       RESERVED
+CVE-2012-4917 (The TripAdvisor app 6.6 for iOS sends cleartext credentials, 
which ...)
+       TODO: check
 CVE-2012-4916
        RESERVED
 CVE-2012-4915
        RESERVED
-CVE-2012-4914
-       RESERVED
+CVE-2012-4914 (Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 
allows ...)
+       TODO: check
 CVE-2012-4913
        RESERVED
 CVE-2012-4912 (Cross-site scripting (XSS) vulnerability in the WebAccess 
component in ...)
@@ -11556,8 +11605,8 @@
        RESERVED
 CVE-2012-3279
        RESERVED
-CVE-2012-3278
-       RESERVED
+CVE-2012-3278 (Stack-based buffer overflow in magentservice.exe in HP 
Diagnostics ...)
+       TODO: check
 CVE-2012-3277 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 
7.3-2, ...)
        NOT-FOR-US: HP OpenVMS
 CVE-2012-3276 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 
7.3-2, ...)
@@ -18650,8 +18699,8 @@
        RESERVED
 CVE-2012-0436
        RESERVED
-CVE-2012-0435
-       RESERVED
+CVE-2012-0435 (SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to 
modify ...)
+       TODO: check
 CVE-2012-0434
        RESERVED
 CVE-2012-0433


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
